The invention discloses a memory malicious code detection method based on processor tracking, which belongs to the technical field of information security, and is characterized by comprising the following steps that: a, a driving module initializes an Intel processor tracking function; b, monitoring a code execution path of a target process; c, decoding a buffer area to obtain a complete virtual address of the execution path; d, carrying out malicious code detection on a memory page; e, judging whether the code belongs to a trusted memory code or not; and f, detecting a memory code API calling record and a COM interface calling record, and matching the memory code API calling record and the COM interface calling record with an abnormal behavior knowledge base. Common scenes such as memory codes, shelled malicious codes, encrypted malicious code viruses and Trojan horses used in file-free attacks can be detected, meanwhile, the method also has a detection effect on execution of shellcode codes in the vulnerability utilization process, the detection effect is good, and good universality is achieved.